package com.itheima.security.distributed.order.controller;

import com.itheima.security.distributed.order.model.UserDTO;
import java.util.Optional;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

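/**
 * REST controller exposing the {@code /r1} endpoint, which is guarded by an
 * authority check.
 *
 * @author xiaoxiaokui
 * @date 2019/11/26
 */
@RestController
public class OrderController {

    /**
     * Handles {@code GET /r1}; the caller must hold the {@code p1} authority.
     *
     * <p>NOTE(review): {@code @PreAuthorize} is only enforced when method security
     * with pre/post annotations is enabled (e.g.
     * {@code @EnableGlobalMethodSecurity(prePostEnabled = true)}). That configuration
     * is not visible in this file; without it the annotation is silently ignored and
     * the endpoint is reachable without the authority check. Confirm it is present.
     *
     * @return the current user's full name followed by the literal text
     *         "访问资源1" ("accessed resource 1")
     * @throws IllegalStateException if the security context holds no authentication,
     *         or its principal is not a {@link UserDTO}
     */
    @GetMapping(value = "/r1")
    @PreAuthorize("hasAnyAuthority('p1')")
    public String r1() {
        // Read the identity of the current caller from the thread's security context.
        // getAuthentication() may be null when nothing populated the context.
        Object principal = Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
                .map(authentication -> authentication.getPrincipal())
                .orElse(null);

        // Fail closed with an explicit error instead of a NullPointerException or
        // ClassCastException: an anonymous or otherwise unexpected principal must
        // never be treated as a UserDTO. The principal's content is deliberately
        // left out of the message.
        if (!(principal instanceof UserDTO)) {
            throw new IllegalStateException("Authenticated principal is missing or is not a UserDTO");
        }

        UserDTO currentUser = (UserDTO) principal;
        return currentUser.getFullname() + "访问资源1";
    }
}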
